Pathé, a European-based cinema company, is reported to have lost over $21.5 million USD (approximately €19 million) to a Business Email Compromise (BEC) scam that occurred in March 2018. The scam allegedly ran for approximately a month. The campaign targeted both the company’s CEO and CFO in the Netherlands, with the actors pretending to be the heads of the French office. The scam emails stated that the head office in France was attempting to acquire a foreign organisation in Dubai and that the matter was to be kept strictly confidential to avoid competitors finding out. The CEO and CFO initially wired approximately €800,000 and continued to send money, even whilst on vacation. After the legitimate head office discovered the scam, both the CEO and CFO were fired for not noticing the “red flags.”

Recommendation: It is helpful for your business to use a company domain for email accounts and to maintain policies that educate employees to identify BEC attempts. Corporate email accounts should also employ two-factor authentication to add another layer of protection to accounts that contain sensitive information. Authentication is critical to prevent an employee from conducting a transaction that is not legitimate. There should be processes in place that require approval through secure and legitimate communication channels that threat actors cannot insert themselves into. If a request seems a bit strange, it is always best practice to get confirmation directly from the source, whether face-to-face or via an authenticated phone call.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.